Re: [OPSAWG] Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds-10: (with DISCUSS and COMMENT)
Roman Danyliw <rdd@cert.org> Wed, 19 May 2021 22:00 UTC
Return-Path: <rdd@cert.org>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 955063A20B2; Wed, 19 May 2021 15:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1p5cGWahvjN5; Wed, 19 May 2021 15:00:02 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 099FB3A20B4; Wed, 19 May 2021 15:00:01 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 14JLxvOj012652; Wed, 19 May 2021 17:59:57 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu 14JLxvOj012652
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1621461597; bh=SrXjC9jgFnlW76VpZf/tXRH6gzlx7ppcZOb7RfUIjF4=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=fg0ie7ZTsnOg2XoJiLwVknc9+6umYO1GdXW2EAzZT4vyCfOqR3HuDAqjFww7t5V+8 BBPPoUP5+9xp4GlCxhkrqvertDY46e48hXuXixogTIY5VFRiYawVPsYTTKHKXKzlDH rhO5FlLfg9MghR72l1pSFWPV/GZS67Z63jwxtBfs=
Received: from MORRIS.ad.sei.cmu.edu (morris.ad.sei.cmu.edu [147.72.252.46]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 14JLxoAo029846; Wed, 19 May 2021 17:59:51 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 19 May 2021 17:59:50 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.2242.008; Wed, 19 May 2021 17:59:50 -0400
From: Roman Danyliw <rdd@cert.org>
To: Russ Housley <housley@vigilsec.com>
CC: IESG <iesg@ietf.org>, "draft-ietf-opsawg-finding-geofeeds@ietf.org" <draft-ietf-opsawg-finding-geofeeds@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, Ops Area WG <opsawg@ietf.org>, George Michaelson <ggm@algebras.org>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds-10: (with DISCUSS and COMMENT)
Thread-Index: AQHXTCnIwb8ZzXp60Uihj+Vd88HCiarrMa2AgAAn+IA=
Date: Wed, 19 May 2021 21:59:49 +0000
Message-ID: <4a5113cbdd134cc6ab64f0c8cd505887@cert.org>
References: <162137200225.19763.15610320941214951948@ietfa.amsl.com> <8CDA1FF9-1C6B-4FD8-9764-E3029949AEFB@vigilsec.com>
In-Reply-To: <8CDA1FF9-1C6B-4FD8-9764-E3029949AEFB@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.201.59]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/R-P88_TaiEDCLiSBQMXVjiyVdIg>
Subject: Re: [OPSAWG] Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds-10: (with DISCUSS and COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2021 22:00:08 -0000
Hi Russ! Inline ... > -----Original Message----- > From: Russ Housley <housley@vigilsec.com> > Sent: Wednesday, May 19, 2021 11:27 AM > To: Roman Danyliw <rdd@cert.org> > Cc: IESG <iesg@ietf.org>; draft-ietf-opsawg-finding-geofeeds@ietf.org; > opsawg-chairs@ietf.org; Ops Area WG <opsawg@ietf.org>; George Michaelson > <ggm@algebras.org> > Subject: Re: Roman Danyliw's Discuss on draft-ietf-opsawg-finding-geofeeds- > 10: (with DISCUSS and COMMENT) > > Roman: > > Addressing some of your comments below. I'm leaving others to my co- > authors. > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > The validation process for the signature computed in Section 4 seems > > underspecified. > > > > For example, let’s consider the example in Appendix A. Through a whois > query > > for 192.0.2.0 one finds a “remarks: Geofeed <https url>” field which > > leads to a geofeed file which had the detached CMS signature blob “# > > RPKI > > Signature: 192.0.2.0/24” depicted at the end of Appendix A. What > > reference or text guides how to validate that signature in the RPKI > > (akin to the level of detail in Section 3.3 of RFC7909 or RFC6125)? > > > > I’m inferring that the steps would roughly be: > > > > ** Download the end-entity certificate identified by the > > subjectKeyIdentifier field via the pointer/URI in the > > “subjectInfoAccess” field extracted from the CMS signature blob > > > > ** Download the intermediate certificate identified by the > > authorityKeyIdentifier field via the pointer/URI in the “caIssuer” > > field extracted from the CMS signature blob > > > > ** Based on the RIR identified in the whois query, download the RPKI > > trust anchor of the RIR > > > > ** Validate the certificate chain from the RPKI trust anchor down to > > the end-entity certificate. Check that all of the basicConstraints, > > certificatePolicies, etc. are accurate. Check the CRL. > > > > ** Verify that the end-entity certificate contains the IP address of > > interest > > (192.0.2.0) in the sbgp-ipAddrBlock field > > > > ** Validate the signature using the algorithm identified in the CMS > > signature blog using the end-entity certificate > > > > Is that the process? Is that stated somewhere in the document or > > available via reference? > > I suggest the following changes in Section 4: > > OLD: > > Validation of the signing certificate needs to ensure that it is part > of the current manifest and that the resources are covered by the > RPKI certificate. > > As the signer specifies the covered RPKI resources relevant to the > signature, the RPKI certificate covering the inetnum: object's > address range is included in the [RFC5652] CMS SignedData > certificates field. > > Identifying the private key associated with the certificate, and > getting the department with the Hardware Security Module (HSM) to > sign the CMS blob is left as an exercise for the implementor. On the > other hand, verifying the signature requires no complexity; the > certificate, which can be validated in the public RPKI, has the > needed public key. > > NEW: > > As the signer specifies the covered RPKI resources relevant to the > signature, the RPKI certificate covering the inetnum: object's > address range is included in the [RFC5652] CMS SignedData > certificates field. > > Identifying the private key associated with the certificate, and > getting the department with the Hardware Security Module (HSM) to > sign the CMS blob is left as an exercise for the implementor. On the > other hand, verifying the signature requires no complexity; the > certificate, which can be validated in the public RPKI, has the > needed public key. > > The trust anchors for the RIRs are expected to already be available > to the party performing signature validation. Validation of the CMS > signature on the geofeed file involves: > > 1. Obtain the signer's certificate from an RPKI Repository. The certificate > SubjectKeyIdentifier extension [RFC5280] MUST match the > SubjectKeyIdentifier in the CMS SignerInfo SignerIdentifier [RFC5652]. > If the key identifiers do not match, then validation MUST fail. > > 2. Construct the certification path for the signer's certificate. All of > the needed certificates are expected to be readily available in the > RPKI Repository. The certification path MUST be valid according to > the validation algorithm in [RFC5280] and the additional checks > specified in [RFC3779] associated with the IP Address Delegation > certificate extension and the Autonomous System Identifier Delegation > certificate extension. If certification path validation is unsuccessful, then > validation MUST fail. > > 3. Validate the CMS SignedData as specified in [RFC5652] using the > public key from the validated signer's certificate. If the signature > validation is unsuccessful, then validation MUST fail. > > 4. Verify that the IP Address Delegation certificate extension [RFC3779] > covers the address range of the geofeed file. If the address range is > not covered, then validation MUST fail. > > If all of these steps MUST be successful to consider the geofeed file > signature as valid. Works for me. Thanks for precisely stating the CMS field names which would not have been recognizable from my above short hand notation. > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Thank you to Kyle Rose for the SECDIR review. > > > > ** Section 3. "It is only used to authenticate a pointer to the > > geofeed file and transport integrity of the data." > > > > To separate the notion of the transport security provided with TLS and > > the object security provided by the RPKI signature, it might be cleaner to say: > > > > TLS and the web PKI authenticate the domain name in the URL and > > provides confidentiality and integrity for the geofeed file in transit. > > The RPKI signature ought to be sufficient to consider the signature valid. The > WebPKI is providing authentication and integrity of the fetched data, but if any > of the data is modified at any point in the process, the RPKI signature will catch > it. > > > ** Section 4. Per “Borrowing detached signatures from [RFC5485] …”, > > I’m having trouble following which concept is being borrowed to > > elevate this to a normative reference. > > With the changes to address your DISCUSS, this can probably be an > informational reference. Agreed. > > ** Section 4. Per “the RPKI certificate covering the inetnum: > > object's address range is included in the [RFC5652] CMS SignedData > > certificates field”, can a more specific statement be made to say that > > it would be the sbgp-ipAddrBlock field in the certificate? > > I think this is already explained in the definition of 'covers'. Am I missing > something? With the precision you provided in the response to the DISCUSS, I would have rephrased my original comment to: NEW ... the RPKI certificate covering the inetnum: object's address range is included in the IP Address Delegation certificate extension [RFC3779] field. > > object's address range is included in the [RFC5652] CMS SignedData > > certificates field > > ** Section 4. Per the format of the signature appended to the geofeed file: > > # RPKI Signature: 192.0.2.0/24 > > # > MIIGlwYJKoZIhvcNAQcCoIIGiDCCBoQCAQMxDTALBglghkgBZQMEAgEwDQYLKo > Z > > # > IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7h > Zu > > ... > > # > imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa > > # O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk= > > # End Signature: 192.0.2.0/24 > > > > -- Are the header “# RPKI Signature: 192.0.2.0/24” and footer “# End > Signature: > > 192.0.2.0/24” syntactically required? If would seem so, but that’s > > never explicitly stated and can only be inferred via the example. It > > would be helpful to explicitly clarify that. > > Yes, they are required. Randy, can you suggest a MUST statement? I figured. I'm thinking it just needs a sentence to say that. > > ** Appendix A. > > > > Section 4 says: “As the signer specifies the covered RPKI resources > > relevant to the signature, the RPKI certificate covering the inetnum: object's > address > > range is included in the [RFC5652] CMS SignedData certificates field.” I was > > expecting the end-entity certificate to encode “192.0.2.0/24” in the > > sbgp-ipAddrBlock field. The CA certificate has this IP block, but the > > end-entity certificate decodes the sbgp-ipAddBlock field to “IPv4: > > inherit > > IPv6: inherit”. Is that expected -- to have both an ipv4 and ipv6 > > annotation (since the previous certificate in the chain only mentioned > > IPv4), and not explicitly repeat the IPv4 value? > > This will be done when the CA is issuing a subordinate certificate explicitly for > geofeed signing. This is good key hygene to use a given key for only one > purpose. There was a CMS structure subtlety that I didn't understand. The CA cert made no reference to v6, but the end-point one did. Regards, Roman > Russ >
- [OPSAWG] Roman Danyliw's Discuss on draft-ietf-op… Roman Danyliw via Datatracker
- Re: [OPSAWG] Roman Danyliw's Discuss on draft-iet… Russ Housley
- Re: [OPSAWG] Roman Danyliw's Discuss on draft-iet… Roman Danyliw
- Re: [OPSAWG] Roman Danyliw's Discuss on draft-iet… Russ Housley